If You Used On-Premises Exchange Servers Between February and March, Your Organization is Likely Hacked

A hacker group from China has compromised 30,000 U.S.-based on-premises Microsoft Exchange servers and countless more across the world. The severity and ease of the attack have security researchers agreeing that if you used Outlook Web Access between the end of February and March 3, 2021, the day after Microsoft released a critical patch, you can assume your system is compromised.

The attack leaves behind a web shell that gives malicious hackers total and complete administrative control over the compromised servers. This allows the hackers to install malware, siphon email communication, and create several paths to continue attacking the server long into the future.

Scary stuff, but remember, this only impacts on-premises servers. Cloud-based solutions like Microsoft 365 have up-to-the-minute patches, always.

What You Can Do if You Suspect Your Company was Compromised

Being confronted by this can seem daunting. The sheer scale of the affected systems in this attack dwarfs the SolarWinds attack that happened in 2020. However, there are some key steps you can take to get your organization back on the path to a healthy IT environment.

1. Confirm Your Exchange Server has Been Compromised

We have access to tools and scanners that will probe your systems and determine whether they were indeed compromised. Without certainty and clarity, you might be wasting time as your organization’s data and sensitive information continue to fall into hacker hands.

2. Start Planning NOW to Move to Microsoft 365

With this being an on-premises exploit, it’s clearer than ever that cloud-based solutions are the future. Using Microsoft 365, you can comfortably lean on the power of Microsoft’s security research, patches and deployment methods without needing to schedule them for your own organization. Our teams have moved hundreds of on-premises servers to the cloud. That gives companies peace of mind about security, and it also allows organizations to digitally transform.

Even if your on-premises server wasn’t impacted by this for some miraculous reason, there are no signs pointing to attackers letting up in 2021. In fact, the opposite is true. Many companies are still working from home and trying to bring new collaboration capabilities online, which has caused many IT departments to shift their priorities from critical patching and update regimens to figuring out ways to allow teams and departments to keep getting work done. That’s where Microsoft 365 is able to step in and solve the bulk of those challenges as well.

If you want to see how some companies can be transformed by cloud-based technologies, one of our clients was able to leverage the power of Microsoft’s Azure Cloud to do new things at their company they had only imagined.

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.
